22-04-2025
Is my Gmail account hacked? Google ‘warns’ 3 billion users of security risk; check how to recover phished account
Gmail account hacked? You have seven days to act
Why passkeys are the future
Gmail attack sparks panic
Premium users can access live human support
Quick tips to secure your Gmail account
Use a passkey associated with your device
Utilize either Google Authenticator or Google Prompts, instead of SMS
Add and routinely update your recovery phone number and email
Avoid clicking any links in unexpected emails about security alerts
Google will never contact users directly about account security
FAQs
More than 3 billion Gmail users are potentially at risk as a major phishing campaign has tricked victims through imitation of Google's security alerts. The new attack, which employs OAuth apps and a DomainKeys Identified Mail (DKIM) bypass, has made fake emails appear confirmed the issue and is deploying updated protections.

A spokesperson from the tech giant said that the new safety features will shut down the avenue for abuse once fully in to a Forbes report, if a Gmail account has been compromised and the attacker has changed password and recovery methods, the legitimate user still has seven days to reverse them.

Reportedly, the recovery can be done via original recovery phone number or email—if they were previously set Ross Richendrfer was quoted in the Forbes report stating that users can always enable phishing-resistant technologies like passkeys and security keys. He also urged the users to keep their recovery information updated at regular the tech giant has issued a stern warning against relying solely on passwords or SMS-based two-factor authentication.

Both these systems—the firm said—are now vulnerable to increasingly sophisticated urged the users to adopt passkeys, which are tied to their device and require biometric or PIN verification.

It added that passkeys make unauthorised access significantly more was alarmed when Ethereum developer Nick Johnson received a realistic legal notice from 'no-reply@ ID. The email had a valid DKIM signature and mimicked an official Google according to the media reports, turned out that attackers had exploited a loophole.

They sent genuine emails to themselves and forwarded them to victims to phish per the reports, users who are subscribed to Google One's premium service can access live human support. This includes call-backs and chat options for account recovery.

Human support could significantly speed up regaining access following a need to respond as soon as possible.
Utilize your recovery phone number or email—if not yet modified by the attacker—to begin account recovery within seven are also associated with your own device and need biometric or PIN authentication. They are not easy to phish or reusable like passwords, so they are significantly more secure.